Aggregates CVE and security vulnerability intelligence across all Reolink-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk memory corruption, vendor risk open redirect, and vendor risk cross-site scripting, with potential vendor impact memory corruption across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-56802 | The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application. | [email protected] | 5.1 | 0.11% | 2025-10-21 | 2025-11-17 |
| CVE-2025-56801 | The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application. | [email protected] | 5.1 | 0.12% | 2025-10-21 | 2025-11-17 |
| CVE-2025-56800 | Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable JavaScript property(a.settingsManager.lockScreenPassword), an attacker can patch the return value to bypass authentication. NOTE: this is disputed by the Supplier because the lock-screen bypass would only o | [email protected] | 5.1 | 0.22% | 2025-10-21 | 2025-11-17 |
| CVE-2025-56799 | Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself. | [email protected] | 6.5 | 1.13% | 2025-10-21 | 2025-11-17 |
| CVE-2025-55637 | Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function. | [email protected] | 9.8 | 1.70% | 2025-08-22 | 2025-10-21 |
| CVE-2025-55634 | Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to cause a Denial of Service (DoS) via initiating a large number of simultaneous ffmpeg-based stream pushes. | [email protected] | 7.5 | 0.48% | 2025-08-22 | 2025-10-21 |
| CVE-2025-55630 | A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 when entering the wrong username and password allows attackers to enumerate existing accounts. | [email protected] | 7.3 | 0.25% | 2025-08-22 | 2025-10-21 |
| CVE-2025-55625 | An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same domain indefinitely. | [email protected] | 6.3 | 0.21% | 2025-08-22 | 2025-09-26 |
| CVE-2025-55624 | An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components. | [email protected] | 5.3 | 0.31% | 2025-08-22 | 2025-08-28 |
| CVE-2025-55623 | An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge). | [email protected] | 5.4 | 0.29% | 2025-08-22 | 2025-08-28 |
| CVE-2025-55622 | Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience. | [email protected] | 6.5 | 0.32% | 2025-08-22 | 2025-10-02 |
| CVE-2025-55621 | An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another. | [email protected] | 6.5 | 0.22% | 2025-08-22 | 2025-10-02 |
| CVE-2025-55620 | A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | [email protected] | 6.1 | 0.21% | 2025-08-22 | 2025-08-28 |
| CVE-2025-55619 | Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering. | [email protected] | 9.8 | 0.38% | 2025-08-22 | 2025-08-28 |
| CVE-2021-40150 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI. | [email protected] | 7.5 | 3.25% | 2022-07-17 | 2024-11-21 |
| CVE-2021-40149 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI. | [email protected] | 5.9 | 5.67% | 2022-07-17 | 2024-11-21 |
| CVE-2021-44394 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 7.5 | 1.72% | 2022-04-14 | 2024-11-21 |
| CVE-2021-44375 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 7.5 | 1.72% | 2022-04-14 | 2024-11-21 |
| CVE-2021-44366 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 7.5 | 1.72% | 2022-04-14 | 2024-11-21 |
| CVE-2021-44357 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | [email protected] | 7.5 | 1.72% | 2022-04-14 | 2024-11-21 |